VYPR

N300 Firmware

by U Speed

CVEs (2)

  • CVE-2026-36959HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited authentication attempts, enabling brute-force attacks against the administrator account and…

  • CVE-2026-36958HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP…